<?php
require 'Slim/Slim.php';
require 'Slim/Middleware.php';
require 'Slim/Middleware/HttpBasicAuth.php';
require "include/function.php";
\Slim\Slim::registerAutoloader();

class QuickNap {
	 public function __construct() {
        // create new Slim
        $this->app = new \Slim\Slim();
		$this->app->add(new \HttpBasicAuth());
    }
	public function enable() {
        // connect to the DB
		require_once("db_config.php");
        // setup the routes
        $this->app->get('/user/checkuser', array($this, 'checkuser'));
		$this->app->post('/user/checkuser', array($this, 'checkuser'));
		 $this->app->get('/user/login', array($this, 'login'));
		$this->app->post('/user/login', array($this, 'login'));
	
        // start Slim
        $this->app->run();
    }
	
	public function login($user,$pass1){
		$iso1 = $this->sqlsafe( $user );
		$iso2 = $this->sqlsafe( $pass1 );
		$pass = md5($pass1);
		$kq = false;
		if( $iso1 && $iso2 )
		{
			$sql = "SELECT cAccName FROM Account_Info WHERE cAccName = '".$user."' AND cPassWord = '".$pass."';";
			$member = $this->connect_sql( $sql );
			if($member['cAccName'] == $user)
			{
				$kq = true;
				
			}
		}
		echo json_encode(array("result"=>$kq));
	}
	
	// admin 
	public function login_admin($user,$pass1){
		$iso1 = $this->sqlsafe( $user );
		$iso2 = $this->sqlsafe( $pass1 );
		$pass = md5($pass1);
		$users = md5($user);
		$kq = false;
		if( $iso1 && $iso2 )
		{
			
			if($users == 'ca3ca064999647c37d03fafbaaf51fba' && $pass == '086843192aba69fa8c1075669124100c' )
			{
				$kq = true;
				//$_SESSION['AccoutName'] = "Quantri";
				//$_SESSION['hoangcuong'] = "administrtor";
			}
		}
		echo json_encode(array("result"=>$kq));
	}
	
	public function register($user,$pass11,$pass21,$email,$quest,$answer,$phone){
		
		$iso1 = $this->sqlsafe( $user );
		$iso2 = $this->sqlsafe( $pass11 );
		$iso3 = $this->sqlsafe( $pass21 );
		$iso4 = $this->sqlsafe( $quest );
		$iso5 = $this->sqlsafe( $answer );
		$iso6 = $this->sqlsafe( $phone );
		$iso7 = $this->sqlsafe( $email );
		$pass1 = md5($pass11);
		$pass2 = md5($pass21);
		$dangky = $this->checkuser($user);
		$chekemail = $this->checkemail($email);
		$kq = false;
		if ( isset( $user ) && !empty( $user ) && $dangky != $user && $iso1 && $iso2 && $iso3 && $iso4 && $iso5 && $iso6 && $iso7 )
		{ 	if( $chekemail != $email )//email chua dang ky
			{
				$sql = "INSERT INTO Account_Info (cAccName,cSecPassWord,cPassWord,iClientID,dLoginDate,dLogoutDate,nExtPoint,nExtPoint1,nExtPoint2,nExtPoint3,nExtPoint4,nExtPoint5,nExtPoint6,nExtPoint7,nUserIP,nUserIPPort,nFeeType,bParentalControl,bIsBanned,bIsUseOTP,iOTPSessionLifeTime,iServiceFlag)
						VALUES('$user','$pass2','$pass1',0,'2014-04-17 04:33:12.173','2014-04-17 04:34:12.173',1,0,0,0,0,0,0,0,1,1,1,0,0,0,1,0) ";
				$member = $this->connect_sql( $sql );
				$sql1 = "INSERT INTO Account_Habitus (cAccName,iLeftSecond,dEndDate,iUseSecond)
						VALUES('$user',0,'2015-03-02 00:00:00.000',796532) ";
				$member1 = $this->connect_sql( $sql1 );
				$sql2 = "INSERT INTO Account_sub_Info (cAccName,cPassWord,cPhone,cQuestion,cAnswer,cEMail)
						VALUES('$user','$pass1','$phone','$quest','$answer','$email') ";
				$member2 = $this->connect_sql( $sql2 );
				
				$kq = true;
				
			}
			else{ $kq = "email"; }
		}
		echo json_encode(array("result"=>$kq));
	}
	
	public function re_password1($user,$pass11,$quest,$answer){
	
		$iso1 = $this->sqlsafe( $user );
		$iso2 = $this->sqlsafe( $pass11 );
		$iso4 = $this->sqlsafe( $quest );
		$iso5 = $this->sqlsafe( $answer );
		$pass1 = md5($pass11);
		
		$kq = false;
		if ( isset( $user ) && !empty( $user ) && $iso1 && $iso2 && $iso4 && $iso5 )
		{
			$sqls = "SELECT * FROM Account_sub_Info WHERE cQuestion = '$quest' AND cAnswer='$answer' AND cAccName = '$user'; ";
			$members = $this->connect_sql( $sqls );
			if( $members['cAccName'] == $user )
			{
				$sql = "UPDATE Account_Info SET cPassWord='$pass1' WHERE cAccName='$user' ";
				$member = $this->connect_sql( $sql );
				
				$sql2 = "UPDATE Account_sub_Info SET cPassWord= '$pass1' WHERE cAccName='$user' ";
				$member2 = $this->connect_sql( $sql2 );

				$kq = true;
			}

			
		}
		echo json_encode(array("result"=>$kq));
	}
	
	public function re_password2($user,$pass2news,$pass2s){
	
		$iso5 = $this->sqlsafe( $pass2news );
		$iso6 = $this->sqlsafe( $pass2s );
		$pass2new = md5($pass2news);
		$pass2 = md5($pass2s);
		
		$kq = false;
		if ( isset( $pass2 ) && !empty( $pass2 ) && $iso5 && $iso6 )
		{
			$sqls = "SELECT * FROM Account_Info WHERE cSecPassWord = '$pass2' AND cAccName = '".$user."'; ";
			$members = $this->connect_sql( $sqls );
			if( $members['cAccName'] == $user )
			{
				$sql = "UPDATE Account_Info SET cSecPassWord='$pass2new' WHERE cAccName='".$members['cAccName']."' ";
				$member = $this->connect_sql( $sql );

				$kq = true;
			}
		} 
		echo json_encode(array("result"=>$kq));
	}
	
	public function re_email($user,$email,$pass2s,$quest,$answer){
		$iso5 = $this->sqlsafe( $email );
		$iso1 = $this->sqlsafe( $pass2s );
		$iso2 = $this->sqlsafe( $quest );
		$iso3 = $this->sqlsafe( $answer );
		$pass2 = md5($pass2s);
		$kq = false;
		if ( isset( $pass2 ) && !empty( $pass2 ) && $iso1 && $iso2 && $iso3 && $iso5 )
		{
			$sqls = "SELECT * FROM Account_Info WHERE cSecPassWord = '$pass2' AND cAccName = '".user."'; ";
			$members = $this->connect_sql( $sqls );
			$sqls1 = "SELECT * FROM Account_sub_Info WHERE cQuestion = '$quest' AND cAnswer='$answer' AND cAccName = '".user."'; ";
			$members1 = $this->connect_sql( $sqls );
			if( $members['cAccName'] == user && $members['cAccName'] == $members1['cAccName'] )
			{
				$sql2 = "UPDATE Account_sub_Info SET cEMail= '$email' WHERE cAccName='".user."' ";
				$member2 = $this->connect_sql( $sql2 );

				$kq = true;
			}
		} 
		echo json_encode(array("result"=>$kq));
	}
	
	public function re_quets($user,$quest,$answer,$email,$pass2s){
		$iso5 = $this->sqlsafe( $email );
		$iso1 = $this->sqlsafe( $pass2s );
		$iso2 = $this->sqlsafe( $quest );
		$iso3 = $this->sqlsafe( $answer );
		$pass2 = md5($pass2s);
		$kq = false;
		if ( isset( $pass2 ) && !empty( $pass2 ) && $iso1 && $iso2 && $iso3 && $iso5 )
		{
			$sqls = "SELECT * FROM Account_Info WHERE cSecPassWord = '$pass2' AND cAccName = '".$user."'; ";
			$members = $this->connect_sql( $sqls );
			$sqls1 = "SELECT * FROM Account_sub_Info WHERE cEMail = '$email' AND cAccName = '".$user."'; ";
			$members1 = $this->connect_sql( $sqls );
			
			if( $members['cAccName'] == $user && $members['cAccName'] == $members1['cAccName'] )
			{
				$sql2 = "UPDATE Account_sub_Info SET cQuestion= '$quest', cAnswer='$answer' WHERE cAccName='".$user."' ";
				$member2 = $this->connect_sql( $sql2 );

				$kq = true;
			}
		} 
		echo json_encode(array("result"=>$kq));
	}
	
	public function checkuser($user){
		$kq = false;
		$sql = "SELECT cAccName FROM Account_sub_Info WHERE cAccName = '".$user."';";
		$member = $this->connect_sql( $sql );
		if( $member['cAccName'] == $user )
			$kq = $member['cAccName'];
		echo json_encode(array("result"=>$kq));
	}
	
	public function checkemail($email){
		$kq = false;
		$sql = "SELECT cEMail FROM Account_sub_Info WHERE cEMail = '".$email."';";
		$member = $this->connect_sql( $sql );
		if( $member['cEMail'] == $email )
			$kq =true;
		echo json_encode(array("result"=>$kq));
	}
	// chua implements - cho ver2
	public function listuser(){
		$kq = false;
		$sql = "SELECT TOP 100 * FROM Account_Info order by nExtPoint1 DESC;";
		$row = @mssql_query($sql);
		$kq = $member;
		echo json_encode(array("result"=>$kq));
	}
	// chua implements - cho ver2
	public function get_info_account($user ='', $email=''){
		$info = array();
		if($user != ''){
			$sql = "SELECT * FROM Account_sub_Info WHERE cAccName = '".$user."';";
			$member = $this->connect_sql( $sql );
			$sql1 = "SELECT * FROM Account_Info WHERE cAccName = '".$user."';";
			$member1 = $this->connect_sql( $sql1 );
			$info[0] = $member;
			$info[1] = $member1;
		}elseif( $email != '' ){
			$sql = "SELECT * FROM Account_sub_Info WHERE cEMail = '".$email."';";
			$member = $this->connect_sql( $sql );
			$sql1 = "SELECT * FROM Account_Info WHERE cAccName = '".$member['cAccName']."';";
			$member1 = $this->connect_sql( $sql1 );
			$info[0] = $member;
			$info[1] = $member1;
		}
		echo json_encode($info);
	}
	//// chua implements - cho ver2
	public function adminedit_info($user,$pass1,$pass2,$email,$nextpoint,$nextpoint1,$nextpoint2,$nextpoint3,$nextpoint4,$nextpoint5,$nextpoint6,$nextpoint7){
		$setpass = '';
		if( strlen($pass1) > 5 ){ $pass11 = md5($pass1);  $setpass .= " ,cPassWord= '$pass11' "; }
		
		$sql2 = "UPDATE Account_sub_Info SET cEMail= '$email', $setpass WHERE cAccName='$user' ";
		$member2 = $this->connect_sql( $sql2 );
		
		if( strlen($pass2) > 5 ){ $pass21 = md5($pass2); $setpass .= " ,cSecPassWord= '$pass21' "; }
		
		$sql1 = "UPDATE Account_Info SET nExtPoint= $nextpoint,nExtPoint1 = $nextpoint1,nExtPoint2 = $nextpoint2,nExtPoint3 = $nextpoint3,nExtPoint4 = $nextpoint4,nExtPoint5 = $nextpoint5,nExtPoint6 = $nextpoint6,nExtPoint7 =  $nextpoint7 $setpass WHERE cAccName='$user' ";
		$member1 = $this->connect_sql( $sql1 );
		echo json_encode(array("result"=>true));
	}

   
}
?>